Host and host group authentication

When a host attempts to connect to the storage system, how the host is authenticated depends on the host group settings. The following diagram illustrates the flow of authentication of hosts in a Fibre Channel environment. The connection use cases (Cases A, B, and C) are described below the diagram.

Authenticating hosts (Cases A, B, and C)

The following cases are examples of connecting via a host group that performs authentication of hosts.

Case A - The user information of the host is registered on the host group, and authentication of the host is enabled.

The host group authenticates the user information sent from the host. If authentication of the host is successful, either of the following occurs:

  • When the host is configured for mutual authentication, authentication of the host group is performed.
  • When the host is not configured for mutual authentication, the host connects to the storage system.

If the host is not configured for authentication by host groups with CHAP, the authentication fails and the host cannot connect to the storage system.

Case B - The user information of the host is registered on the host group, but authentication of the host is disabled.

The host group does not perform authentication of the host. The host will connect to the storage system without authentication regardless of whether the host is configured for authentication by host groups with CHAP.

Case C - The user information of the host is not registered on the host group.

Regardless of the setting on the host, the host group performs authentication of the host, but this results in failure. The host cannot connect to the storage system.

Not authenticating hosts (Case D)

Case D is an example of connecting via a host group that does not perform authentication of hosts. The host will connect to the storage system without authentication of the host regardless of whether the host is configured for authentication by host groups with CHAP. In this case, you do not need to register user information of the host on the host group, although you can.
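
The decision flow for Cases A through D, modeled as an added Python example (not part of the original documentation or of the storage system's software), with an audit helper that lists every path by which a host connects without authentication. The `HostGroup` class, its field names, the outcome strings and the sample inventory are hypothetical, and the model assumes that the credentials a host sends match its registered user information.

```python
from dataclasses import dataclass, field

@dataclass
class HostGroup:
    name: str
    performs_auth: bool   # group-level setting: authenticate hosts or not
    # registered host user name -> per-host authentication enabled?
    hosts: dict = field(default_factory=dict)

def evaluate(group, host_user, host_uses_chap, host_mutual=False):
    """Return (case, outcome) for one connection attempt."""
    if not group.performs_auth:
        return "D", "connect-unauthenticated"
    if host_user not in group.hosts:
        return "C", "reject"              # authentication is attempted and fails
    if not group.hosts[host_user]:
        return "B", "connect-unauthenticated"
    if not host_uses_chap:
        return "A", "reject"              # host not configured for CHAP
    # Assumption: the credentials sent by the host match the registration.
    return "A", ("mutual-authentication" if host_mutual else "connect-authenticated")

def unauthenticated_paths(groups):
    """List (group, host, case) entries that connect without host authentication."""
    findings = []
    for g in groups:
        if not g.performs_auth:
            findings.append((g.name, "*", "D"))   # any host, registered or not
        else:
            findings += [(g.name, h, "B")
                         for h, enabled in sorted(g.hosts.items()) if not enabled]
    return findings

# Constructed sample inventory (not taken from a real system).
GROUPS = [
    HostGroup("hg-prod", True, {"db01": True, "backup01": False}),
    HostGroup("hg-lab", False, {"lab01": True}),
]

if __name__ == "__main__":
    for group, host, case in unauthenticated_paths(GROUPS):
        print(f"{group}: host {host} connects without authentication (Case {case})")
```

Each Case B entry in the output should correspond to a host that was deliberately exempted from authentication, and each Case D entry to a host group where authentication of hosts is intentionally not performed.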

You should register user information of all hosts to be connected to a host group that performs authentication of hosts. To allow a specific host to connect to such a host group without authentication, configure the host group and the host as follows.

On the host group: Register the user information of the host you want to allow to connect without authentication, and then disable the authentication setting of the host.